HIPAA message -- securing an e-mail

December 09, 2003

picture disc.HIPAA, the "Health Insurance Portability and Accountability Act of 1996," provides federal protection of patient health information. This HIPAA-related message is part of our continuing efforts to educate employees. Today's HIPAA message deals with securing an e-mail.

Question: I know e-mail which contains Protected Health Information (PHI) or other confidential information is not entirely secure. Is there anything I can do to protect the information?

Answer: If you are sending e-mail which contains PHI, it is possible to place the information in a Word or Excel document and attach this document to the e-mail. These documents can be password protected. The process to follow is:

  • Create the document.
  • Password protect the document.*
  • Create an e-mail and attach the password protected document to the e-mail.
  • Call the person with the password or send the password via a separate e-mail. While this procedure is not required, it will provide additional security for the document. As a reminder, the subject line should not contain the patient's name.

The HIPAA security rule mandates that we safeguard electronic protected health information -- these procedures provide an additional safeguard.

* Instructions for password protecting a file can be found on the following HelpPage:   How to Password Protect a File

If you're a manager, please ensure all of your employees are informed of the contents of these messages and how it applies to your work area. Some ways of sharing the information include discussions during staff meetings, printing and posting this message or asking your employees if they have any further questions.